Symantec AntiVirus Client Guide Update


The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 10.1.5.5

Legal Notice

Copyright 2006 Symantec Corporation. All rights reserved.

Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

Symantec, the Symantec logo, Symantec AntiVirus, and LiveUpdate are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014 USA
http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s maintenance offerings include the following:
- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and Web-based support that provides rapid response and up-to-the-minute information
- Upgrade insurance that delivers automatic software upgrade protection
- Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program
- Advanced features, including Technical Account Management

For information about Symantec’s Maintenance Programs, you can visit our Web site at the following
Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you use.

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support information at the following
Select your region or language under Global Support.

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.

When you contact Technical Support, please have the following information available:
- Product release level
- Hardware information
- Available memory, disk space, NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following
Select your region or language under Global Support, and then select the Licensing and Registration page.

Customer service

Customer service information is available at the following
Select your country or language under Global Support.

Customer Service is available to assist with the following types of issues:
- Questions regarding product licensing or serialization
- Product registration updates such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade insurance and maintenance contracts
- Information about Symantec Value License Program
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs or manuals

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:
- Asia-Pacific and Japan: contractsadmin@symantec.com
- Europe, Middle-East, and Africa: semea@symantec.com
- North America and Latin America: supportsolutions@symantec.com

Additional enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Additional services that are available include the following:

Symantec Early Warning Solutions: These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

Managed Security Services: These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.

Consulting services: Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.

Educational Services: These services provide a full array of technical training, security education, security certification, and awareness communication programs.

To access more information about Enterprise Services, please visit our Web site at the following URL:
www.symantec.com
Select your country or language from the site index.

Contents

Technical Support

Chapter 1: Introducing the Client Guide update
- About Symantec AntiVirus
- About this Client Guide update

Chapter 2: Client Guide antivirus update
- Opening Symantec AntiVirus
- Keeping virus and security risk protection current
- What to scan
- What to do if a virus or security risk is detected
- About Auto-Protect and email scanning
- About Auto-Protect handling of encrypted email connections
- Disabling and enabling Auto-Protect security risk scanning and blocking
- Enabling, disabling, and configuring Tamper Protection
- Creating scheduled scans
- Configuring actions for viruses and security risks
- About interacting with scan results
- About security risk exclusions
- Configuring network scanning options
- Disabling trust in remote versions of Auto-Protect
- Enabling use of a network cache
- Automatically purging files from the Quarantine, Backup Items, and Repaired Items
- Filtering the Event Log by event category

Index


Chapter 1
Introducing the Client Guide update

This chapter includes the following topics:
- About Symantec AntiVirus
- About this Client Guide update

About Symantec AntiVirus

Symantec AntiVirus provides scalable, cross-platform firewall, intrusion prevention, and antivirus protection for workstations and antivirus protection for network servers.

You can install Symantec AntiVirus virus and security risk protection as either a stand-alone or an administrator-managed installation. A stand-alone installation means that your Symantec AntiVirus software is not managed by a network administrator.

If you manage your own computer, it must be one of the following types:
- A stand-alone computer that is not connected to a network, such as a home computer or a laptop stand-alone, with a Symantec AntiVirus installation that uses either the default option settings or administrator-preset options settings.
- A remote computer that connects to your corporate network that must meet security requirements before connecting.

About this Client Guide update

This guide describes the changes of interest to users that have been made to Symantec AntiVirus for the 10.1 release. Information that has not changed is located in the Symantec AntiVirus Client Guide for version 10.0 that also accompanies this release of Symantec AntiVirus.

To provide context, this update contains the new information that is integrated into the appropriate sections from the previous Client Guide.

Chapter 2
Client Guide antivirus update

This chapter includes the following topics:
- Opening Symantec AntiVirus
- Keeping virus and security risk protection current
- What to scan
- What to do if a virus or security risk is detected
- About Auto-Protect and email scanning
- About Auto-Protect handling of encrypted email connections
- Disabling and enabling Auto-Protect security risk scanning and blocking
- Enabling, disabling, and configuring Tamper Protection
- Creating scheduled scans
- Configuring actions for viruses and security risks
- About interacting with scan results
- Configuring network scanning options
- Automatically purging files from the Quarantine, Backup Items, and Repaired Items
- Filtering the Event Log by event category

Opening Symantec AntiVirus

This updated section is from Chapter 2, Symantec AntiVirus Basics.

You can open Symantec AntiVirus in several ways.

Note: You cannot use the Run As command from the Start menu to open Symantec AntiVirus if you attempt to run it as Current user and also have the “Protect my computer and data from unauthorized program activity” checkbox checked. This action is not supported.

To open Symantec AntiVirus

Do one of the following:
- On the Windows taskbar, double-click the Symantec AntiVirus icon. Your administrator determines whether this icon appears on the taskbar.
- On the Windows or Windows XP taskbar, click Start > Programs > Symantec Client Security > Symantec AntiVirus or Start > More Programs > Symantec Client Security > Symantec AntiVirus, as appropriate.

Keeping virus and security risk protection current

This updated section is from Chapter 2, Symantec AntiVirus Basics.

Symantec AntiVirus relies on up-to-date information to detect, eliminate, and repair the effects of viruses and security risks. One of the most common reasons that virus or security risk problems occur is that definitions files are not updated after installation. The definitions files contain the necessary detection and repair information about all newly discovered viruses and security risks. Symantec supplies updated definitions files daily through LiveUpdate and Intelligent Updater files that are posted to the Symantec Security Response Web site. Updates are also issued whenever a new high-risk virus threat emerges. Scheduling LiveUpdate to run automatically is the easiest way to update definitions files frequently. Always update immediately if a new virus scare is reported.

With LiveUpdate, Symantec AntiVirus connects automatically to a special Symantec Web site, and determines if virus and security risk definitions need to be updated. If so, it downloads the proper files and installs them in the proper location. Generally, you do not have to do anything to configure LiveUpdate. The only requirement is an Internet connection.

Note: Your administrator may have specified a maximum number of days that the virus and security risk definitions can be out of date. After exceeding the maximum number of days, Symantec AntiVirus automatically runs LiveUpdate when an Internet connection is detected.

What to scan

This updated section is from Chapter 3, Protecting your computer from viruses and security risks.

Symantec AntiVirus scans all file types by default. Manual, scheduled, startup, and user-defined scans also examine all file types by default.

Auto-Protect includes SmartScan, which scans files with the extensions included in the Program File Extensions List. SmartScan also scans all executable files and Microsoft Office documents whether or not the extensions are listed in the Program File Extensions List.

See “Modifying Auto-Protect and using SmartScan” in the 3.0 version of the Symantec AntiVirus Administrator’s Guide.

You can choose to scan files by file extension, but your protection from viruses and security risks is reduced.

You can also choose to exclude specific files from scanning. For example, if a file that you know is not infected triggers a virus alert during a scan, you prevent further warnings by excluding the file from your subsequent scans.

If your email application uses a single Inbox file

If your email application stores all email in a single file, as do Outlook Express, Eudora, Mozilla, and Netscape, you should exclude the Inbox file from manual and scheduled scans. If Symantec AntiVirus detects a virus in the Inbox file during a manual or scheduled scan, and the action configured for the virus is Quarantine, Symantec AntiVirus quarantines the entire Inbox and you will not be able to access your email.

Although regularly excluding a file from scanning is not recommended as a general practice, excluding the Inbox file from being scanned prevents it from being quarantined while still allowing a virus to be detected. If Symantec AntiVirus finds a virus when you open an email message rather than when you download the message or during a scan, it can safely quarantine or delete the message without causing a problem with the entire Inbox.

Scanning by extensions

Symantec AntiVirus can scan your computer by extensions.

To add file extensions to the scan list

1. In Symantec AntiVirus, in the left pane, select the scan that you want to change.
   - If you selected a from the Scan category, click Options.
   - If you selected a startup, user-defined, or scheduled scan, click the name of the scan to change, click Edit, and then click Options. Changes apply only to the specific scan that you select.
   - If you selected Auto-Protect, go to step 2.
2. Click Selected extensions, and then click Extensions.
3. Type the extension to add, and then click Add.
4. Repeat step 3 as needed.
5. Click OK.

About scanning all file types

Symantec AntiVirus can scan all of the files on your computer, regardless of extension. Scanning all files ensures the most thorough protection. Scanning all files is more time consuming than scanning by extensions, but you are better protected from viruses and security risks.

About preventing macro virus infections

The Symantec AntiVirus scanner automatically detects and removes most Microsoft Word and Excel macro viruses. By regularly running scheduled scans, startup scans, or Auto-Protect, you can protect your computer from macro virus infections. Symantec AntiVirus regularly searches and cleans any macro viruses that it detects.

To best prevent macro virus infections, do the following:
- Enable Auto-Protect. Auto-Protect constantly scans the files that have been accessed (for example, file execute or file open) or modified (for example, file rename, file modify, file create, file copy, or file moves to a location).
- Run Auto-Protect for your email, if available.
- Protect your global template files by disabling automacros.

What to do if a virus or security risk is detected

This updated section is from Chapter 3, Protecting your computer from viruses and security risks.

Symantec AntiVirus responds to files that are infected by viruses or security risks with a first action and a second action. By default, when a virus is detected by Auto-Protect or during a scan, Symantec AntiVirus attempts to clean the virus from the infected file. If Symantec AntiVirus cannot clean the file, the second action is to log the failed cleaning attempt and move the infected file to the Quarantine so that the virus cannot spread, which denies you further access to the file.

Depending on your antivirus policy, you can change these settings to delete an infected file on detection or leave it alone (log only). For Auto-Protect, you can also choose to deny access. In addition, you can set different actions for macro and non-macro viruses for each scan type separately.

By default, when a security risk is detected by Auto-Protect or during a scan, Symantec AntiVirus quarantines the infected files and attempts to remove or repair the changes that the security risk has made on the computer. Quarantining the security risk ensures that the security risk is no longer active on your computer, and also ensures that Symantec AntiVirus can reverse the changes, if necessary. If Symantec AntiVirus cannot do this, the second action is to log the risk and leave it alone. An additional action, Exclude, is available for security risks if you have a particular security risk that your company’s security policy allows on your computer.

For each scan type, you can change these settings, and set different actions for each category of security risk and for individual security risks as well.

Note: In some instances, you might unknowingly install an application that includes a security risk such as adware or spyware. If Symantec has determined that blocking the risk will not harm the computer, then by default Symantec AntiVirus blocks the risk. If blocking the risk might leave the computer in an unstable state, Symantec AntiVirus waits until the application installation is complete before it quarantines the risk. It then repairs the risk's effects.

About Auto-Protect and email scanning

This updated section is from Chapter 3, Protecting your computer from viruses and security risks.

To supplement Auto-Protect, Symantec AntiVirus detects at installation whether you use a supported groupware email client and adds Auto-Protect for email.

Protection is provided for the following email clients:
- Lotus Notes 4.5x, 4.6, 5.0, and 6.x
- Microsoft Outlook 98/2000/2002/2003 (MAPI and Internet)
- Microsoft Exchange client 5.0 and 5.5

Note: E-mail Auto-Protect works on your supported email client only. It does not protect email servers.

Symantec AntiVirus also includes Auto-Protect scanning for additional Internet email programs by monitoring all traffic that uses the POP3 or SMTP communications protocols. You can configure Symantec AntiVirus to scan incoming messages for threats and security risks, as well as outgoing messages for known heuristics by using Bloodhound Virus Detection. Scanning outgoing email helps to prevent the spread of threats such as worms that can use email clients to replicate and distribute themselves across a network.

Note: Internet email scanning is not supported for 64-bit computers.

For Lotus Notes and Microsoft Exchange email scanning, Symantec AntiVirus scans only the attachments that are associated with email. For Internet email scanning of the messages that use the POP3 or SMTP protocols, Symantec AntiVirus scans both the body of the message and any attachments that are included.

If you use Microsoft Exchange or Microsoft Outlook over MAPI and you have Auto-Protect enabled for email, when you open a message with an attachment, the attachment is immediately downloaded to your computer and scanned. Over a slow connection, downloading messages with large attachments affects mail performance. You may want to disable this feature if you regularly receive large attachments.

There are times, such as during the installation of new software, that you must temporarily disable Auto-Protect.

See the Symantec AntiVirus User’s Guide for information about how to enable and disable Auto-Protect.

Note: If a virus is detected as you open email, your email may take several seconds to open while Symantec AntiVirus completes its scan.

Email scanning does not support the following email clients:
- IMAP clients
- AOL clients
- Web-based email such as Hotmail and Yahoo! Mail

About Auto-Protect handling of encrypted email connections

This is a new section. This section replaces the section titled “Disabling email scanning if you use SSL connections” in Chapter 3, Protecting your computer from viruses and security risks.

By default, Auto-Protect supports the handling of encrypted passwords and email over POP3 and SMTP connections. If you use POP3 or SMTP with Secure Sockets Layer (SSL), then secure connections are detected and the encrypted messages are passed through without scanning, allowing you to send and receive email over a secure link.

Even though Auto-Protect does not scan email that uses POP3 or SMTP over SSL, File System Auto-Protect continues to protect computers from viruses and security risks in attachments. File System Auto-Protect scans email attachments when you save the attachment to the hard drive.

You can disable the handling of encrypted email if you need to do so. When these options are disabled, unencrypted email is scanned when sent or received, but encrypted email is blocked. If you re-enable the options and then attempt to send encrypted email, the email is blocked until you restart Outlook or Outlook Express.

Note: In some cases, if you turn off the handling of encrypted email for SMTP and POP3 in the Symantec AntiVirus user interface, the change does not take effect until you log out of Windows and log in again. If you need to be sure that your change took effect immediately, log out and back in again.

To disable Auto-Protect handling of encrypted email connections

1. In Symantec AntiVirus, in the left pane, click Configure.
2. In the right pane, click Internet E-mail Auto-Protect.
3. Click Advanced.
4. Uncheck Allow encrypted POP3 connections and Allow encrypted SMTP connections.
5. Click OK.

Disabling and enabling Auto-Protect security risk scanning and blocking

This updated section is from Chapter 3, Protecting your computer from viruses and security risks.

By default, Auto-Protect scans for security risks such as adware and spyware, quarantines infected files, and attempts to remove or repair the effects of the security risk. In cases where blocking the installation of a security risk will not affect the stability of a computer, Auto-Protect also blocks the installation by default. If Symantec determines that blocking a security risk could compromise a computer’s stability, then Auto-Protect allows the risk to install and immediately takes the action that is configured for the risk.

From time to time, however, you might temporarily need to disable scanning for security risks in File System Auto-Protect, and then reenable it. You might also need to disable blocking security risks to control the time at which Auto-Protect reacts to certain security risks.

Note: Your administrator might lock these settings.

To disable and enable Auto-Protect security risk scanning and blocking

1. In Symantec AntiVirus, in the left pane, click Configure.
2. In the right pane, click File System Auto-Protect.
3. Under Options, do the following:
   - Check or uncheck Scan for Security Risks.
   - Check or uncheck Block Security Risks.
4. Click OK.

Note: Regardless of whether the Block Security Risks checkbox is enabled, if Symantec determines that blocking a security risk could compromise a computer’s stability, then Auto-Protect allows the risk to install and immediately takes the action that is configured for the risk.

Enabling, disabling, and configuring Tamper Protection

This updated section is from Chapter 3, Protecting your computer from viruses and security risks.

When Tamper Protection is enabled, you can configure Symantec AntiVirus to block or log attempts to modify the Symantec processes or the internal software objects that synchronize Symantec threads and processes. Internal objects are used to coordinate the activity of programs running on a computer. For example, when you use Microsoft Outlook to send an email message, the Symantec AntiVirus Snap-in for Outlook coordinates with the Symantec AntiVirus service to ask that the service scan the message.

Note: If you run third-party security risk scanners that detect and defend against unwanted adware and spyware, these scanners typically impact Symantec processes. If Tamper Protection is enabled when you run such a security risk scanner, Tamper Protection generates a large number of alerts and log entries.

You can also configure a message to appear on your computer when Symantec AntiVirus detects a tampering attempt. By default, notification messages appear when Symantec AntiVirus detects tampering with internal objects. If you enable notifications to be sent when Symantec AntiVirus detects tampering with processes, affected machines may receive notifications about Windows processes as well as Symantec processes.

Note: If an administrator manages your computer, and the Tamper Protection options display a padlock icon, you cannot change these options because your administrator has locked them.

To enable, disable, and configure Tamper Protection

1. In Symantec AntiVirus, in the left pane, click Tamper Protection.
2. In the right pane, check or uncheck Enable Tamper Protection.
3. If you enabled Tamper Protection, then under Protection, check or uncheck Processes and Internal objects.
   In the drop-down list for each option, do one of the following:
   - To block unauthorized activity, click Block.
   - To log unauthorized activity but allow the activity to take place, click Log Only.
4. Check or uncheck Keep Tamper Protection enabled even if Symantec AntiVirus is shut down.
5. Under Notifications, check or uncheck Display message on affected computer.
6. If you checked Display message on affected computer, check or uncheck Processes and Internal objects.
7. Under Options, check or uncheck Keep Tamper Protection enabled even if Symantec AntiVirus is shut down.
8. Click OK.

Creating scheduled scans

This updated section is from Chapter 3, Protecting your computer from viruses and security risks.

A scheduled scan is an important component of threat and security risk protection. At the very least, schedule a scan to run once a week to ensure that your computer remains free of viruses and security risks, such as adware and spyware.

Note: If your network administrator has created a scheduled scan for you, it appears in the Scheduled Scans area of the View folder, not in the Scheduled Scans folder. The Scheduled Scans folder only displays scans that you’ve scheduled.

To create a scheduled scan

1. In Symantec AntiVirus, in the left pane, click Scheduled Scans.
2. In the right pane, click New Scheduled Scan.
3. Select one of the following types of scan to schedule:
   - Quick Scan
   - Full Scan
   - Custom Scan
4. Click Next.
5. Type a name and description for the scan. For example, call the scan: Friday at 4.
6. Click Next.
7. Specify the frequency and when to scan.
8. Click Advanced to configure advanced schedule options.
9. In the Advanced Schedule Options dialog box, do the following:
   - Check Retry the scheduled scan within number hours of the scheduled time, then set the number of hours within which you want the scan to run. For example, you might want a weekly scan to run only if it is within three days of the scheduled time for the missed event.
   - Check or uncheck Perform this user-defined scheduled scan even when the user is not logged in. User-defined scans are always run if the user is logged in, regardless of this setting.
   For managed clients, the administrator may override these settings.
10. Click Next.
11. If you selected Custom Scan, then in the right pane, check the appropriate check boxes to specify where to scan. You can check anything from the entire computer to a single file.
12. Click Options to change
